feat(code): execute inline !bash commands in cloud sandbox #1707
Open
VojtechBartos wants to merge 2 commits into main
tatoalo (Contributor) reviewed on Apr 23, 2026 and left a comment:
some comments, thinking largely at how this could be abused 👀
Comment on lines +2599 to +2603
| if (pending) { | ||
| if (update.stream === "stdout") { | ||
| pending.stdout += update.chunk; | ||
| } else { | ||
| pending.stderr += update.chunk; |
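Review bot: `pending.stdout += update.chunk` and the matching stderr append have no size bound, so a command with very large or endless output keeps growing these strings in memory until the pending execution resolves. Consider a per-execution byte cap that stops appending and marks the result as truncated once it is reached. The `else` branch also files every stream value other than "stdout" under stderr; an explicit check for "stderr" would keep an unexpected value from being misattributed.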
Comment on lines +2051 to +2055
| const child = spawn("bash", ["-c", command], { | ||
| cwd, | ||
| env: process.env, | ||
| stdio: ["ignore", "pipe", "pipe"], | ||
| }); |
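Review bot: `env: process.env` hands the user-supplied `command` the full environment of the spawning process, so any API keys or tokens held there are readable from the shell. Pass an explicit allowlist instead, for example only PATH and HOME. The options shown also set no timeout, so a command that never exits keeps the child and both pipes open indefinitely.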
Contributor
aren't we leaking envs here possibly?
| pending.resolve({ | ||
| stdout: pending.stdout, | ||
| stderr: pending.stderr, | ||
| exitCode: update.exitCode ?? (update.signal ? 1 : 0), |
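Review bot: in the `exitCode` fallback, `update.signal ? 1 : 0` reports a signal-terminated command as exit code 1, which a caller cannot tell apart from a command that itself exited with 1. Use the Unix 128+N convention or return the signal as its own field. The same expression yields 0 when both exitCode and signal are missing, which reports success for an exit that carried no status; defaulting that case to a failure code would be safer.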
Contributor
nit for consistency, signal should not conflict with exit codes
- Don't pass process.env to shell spawns — only PATH and HOME, preventing API keys and tokens from leaking to user commands
- Cap concurrent shell executions to 5 on both server and client side
- Use Unix 128+N convention for signal exit codes instead of hardcoded 1
- Gate cloud bash to runs with a sandbox environment attached — threads sandboxEnvironmentId through session creation and checks it before allowing !command execution
Problem
Inline !command bash was disabled for cloud runs — the handler used the local Shell service (node-pty) which can't reach the sandbox container.
Solution
Added a shell_execute JSON-RPC method on the agent-server that spawns bash -c <command> inside the sandbox and streams stdout/stderr as SSE notifications. Renderer pre-generates an executionId, sends the command via CloudTaskService.sendCommand, and resolves when shell_exit arrives. Requires a paired backend PR to allowlist the new method.
Prerequisites
PostHog/posthog#55064
Showcase
code-bash-cloud.mov
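The hardening listed in the follow-up commit message (allowlisted environment, 128+N signal exit codes), sketched as an added example that is not code from this PR. It uses `spawnSync` rather than the PR's streaming `spawn`, and the names `buildShellEnv`, `toExitCode` and `runSandboxCommand`, the 1 MiB output cap and the 30 s timeout are assumptions.

```javascript
const { spawnSync } = require("node:child_process");
const os = require("node:os");

// The two variables the commit message names; everything else is dropped.
const ALLOWED_ENV = ["PATH", "HOME"];
const MAX_OUTPUT_BYTES = 1024 * 1024; // assumed cap, not a value from the PR
const TIMEOUT_MS = 30_000;            // assumed limit, not a value from the PR

// Build the child's environment from an allowlist instead of process.env,
// so secrets held by the server process never reach the user's command.
function buildShellEnv(parentEnv) {
  const env = {};
  for (const key of ALLOWED_ENV) {
    if (typeof parentEnv[key] === "string") env[key] = parentEnv[key];
  }
  return env;
}

// Unix 128+N convention: a child killed by signal N reports 128+N, which
// cannot collide with the command's own "exit 1".
function toExitCode(code, signal) {
  if (typeof code === "number") return code;
  if (signal) return 128 + (os.constants.signals[signal] ?? 0);
  return 1; // no status and no signal: report failure, never success
}

// Run one user-supplied command with a scrubbed environment, bounded output
// and a time limit. Exceeding either limit kills the child with SIGTERM.
function runSandboxCommand(command, cwd, parentEnv = process.env) {
  const r = spawnSync("bash", ["-c", command], {
    cwd,
    env: buildShellEnv(parentEnv),
    stdio: ["ignore", "pipe", "pipe"],
    encoding: "utf8",
    maxBuffer: MAX_OUTPUT_BYTES,
    timeout: TIMEOUT_MS,
  });
  // Spawn itself failed (for example bash not found): surface the error.
  if (r.error && r.status === null && !r.signal) throw r.error;
  return {
    stdout: r.stdout,
    stderr: r.stderr,
    exitCode: toExitCode(r.status, r.signal),
  };
}
```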